Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

The Shai-Hulud npm supply chain incident was a wake-up call for the industry. The attack involved malicious packages containing hidden exfiltration scripts that targeted developers’ machines and CI environments. At Snyk, we watched this incident unfold in real-time, observing how quickly attackers can pivot from one compromised credential to a full-scale ecosystem infection.

Most teams learn the OWASP Top 10 as a list of application security failures. Injection flaws. Broken access control. Security misconfiguration. Items to scan for, remediate, and close before the next audit or penetration test. But data exposure rarely arrives neatly packaged as a single OWASP finding. When sensitive data leaks, it is almost never because one category failed in isolation.

AI coding assistants have fundamentally changed development velocity. With tools like Augment Code, developers can now build and iterate at a pace that was unimaginable just a few years ago. However, this explosion in speed has created a new challenge: security teams, often still relying on manual review processes, are becoming the bottleneck.

In the world of Software Composition Analysis (SCA), we often treat the tuple of (package_name, version) as a unique identifier. For example, given an NPM package angular version 1.8.0 - we would know precisely which source code was used, and what vulnerabilities affect that version.It is a common misconception that a package version maps directly to a fixed set of source code and, by extension, a static vulnerability profile.

CVE-2025-34299 is a critical vulnerability in Monsta FTP, a web-based file transfer tool, unauthenticated arbitrary file write via remote download leading to remote code execution (RCE). Affecting versions 2.11 and earlier, it enables attackers to upload malicious files via a crafted SFTP or FTP connection, compromising servers without credentials. This flaw has seen active exploitation through opportunistic scans. By January 2026, Vulnerable instances remain exposed.

In 2025, KrakenLabs tracked a series of shifts that reshaped how cyber threats materialized across organizations. Drawing on research conducted throughout the year, this article highlights the most consequential developments observed by KrakenLabs in 2025, where attacker success depended less on new tools or novel exploits and more on the large-scale exploitation of people, identity, and trusted access.

Exposure Management has quickly become one of the most talked-about concepts in cybersecurity. This article breaks down what exposure management really is, how it differs from vulnerability management, and why the ability to take action is what ultimately drives meaningful risk reduction.

Cato CTRL’s Vitaly Simonovich (senior security researcher) has discovered a vulnerability (CVE-2025-64496 with a “High” severity rating of 7.3 out of 10) in Open WebUI in versions 0.6.34 and older. This flaw affects the Direct Connections feature, which lets users connect to external AI model servers (ex: OpenAI’s API). If a threat actor tricks a user into connecting to a malicious server, it can lead to an account takeover attack.

On December 12, 2025, the MongoDB Security Engineering team disclosed a high-severity vulnerability in MongoDB that allows unauthenticated memory disclosure. The issue is tracked as CVE-2025-14847 and has a CVSS score of 8.7 and was quickly nicknamed MongoBleed in the security community due to the way it exposes server memory.